CWE - Differences between Version 4.0 and Version 4.1

Home > CWE List > Reports > Differences between Version 4.0 and Version 4.1

Differences between Version 4.0 and Version 4.1

Summary | Field Change Summary | Important Changes | Detailed Difference Report

Summary

Total weaknesses/chains/composites (Version 4.1)	875
Total weaknesses/chains/composites (Version 4.0)	840
Total new	35
Total deprecated	0
Total with major changes	211
Total with only minor changes	3
Total unchanged	1038

Summary of Entry Types

Type	Version 4.0	Version 4.1
Weakness	840	875
Category	312	312
View	39	39
Deprecated	61	61
Total	1252	1287

Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field	Major	Minor
Name	6	0
Description	14	0
Applicable_Platforms	6	0
Time_of_Introduction	0	0
Demonstrative_Examples	22	0
Detection_Factors	1	0
Likelihood_of_Exploit	0	0
Common_Consequences	15	2
Relationships	57	0
References	11	0
Potential_Mitigations	121	1
Observed_Examples	20	0
Terminology_Notes	2	0
Alternate_Terms	5	0
Related_Attack_Patterns	0	0
Relationship_Notes	8	0
Taxonomy_Mappings	0	0
Maintenance_Notes	5	0
Modes_of_Introduction	1	0
Research_Gaps	1	0
Background_Details	0	0
Theoretical_Notes	1	0
Weakness_Ordinalities	0	0
Other_Notes	0	0
View_Type	0	0
View_Structure	0	0
View_Filter	0	0
View_Audience	0	0
Type	1	0
Source_Taxonomy	0	0

Form and Abstraction Changes

From	To	Total	CWE IDs
Unchanged		1251
Weakness/Base	Weakness/Variant	1	129

Status Changes

From	To	Total
Unchanged		1252

Relationship Changes

The "Version 4.1 Total" lists the total number of relationships in Version 4.1. The "Shared" value is the total number of relationships in entries that were in both Version 4.1 and Version 4.0. The "New" value is the total number of relationships involving entries that did not exist in Version 4.0. Thus, the total number of relationships in Version 4.1 would combine stats from Shared entries and New entries.

Relationship	Version 4.1 Total	Version 4.0 Total	Version 4.1 Shared	Unchanged	Added to Version 4.1	Removed from Version 4.0	Version 4.1 New
ALL	8767	8595	8591	8575	16	20	176
ChildOf	3656	3587	3583	3577	6	10	73
ParentOf	3656	3587	3583	3577	6	10	73
MemberOf	496	496	496	496
HasMember	496	496	496	496
CanPrecede	128	122	123	122	1		5
CanFollow	128	122	123	122	1		5
StartsWith	3	3	3	3
Requires	13	13	13	13
RequiredBy	13	13	13	13
CanAlsoBe	28	28	28	28
PeerOf	150	128	130	128	2		20

Nodes Removed from Version 4.0

CWE-ID	CWE Name
None.

Hardware Nodes Added to Version 4.1

CWE-ID	CWE Name
1254	Incorrect Comparison Logic Granularity
1256	Hardware Features Enable Physical Attacks from Software
1257	Improper Access Control Applied to Mirrored or Aliased Memory Regions
1258	Sensitive Information Uncleared During Hardware Debug Flows
1259	Improper Protection of Security Identifiers
1260	Improper Handling of Overlap Between Protected Memory Ranges
1261	Improper Handling of Single Event Upsets
1262	Register Interface Allows Software Access to Sensitive Data or Security Settings
1263	Insufficient Physical Protection Mechanism
1264	Hardware Logic with Insecure De-Synchronization between Control and Data Channels
1266	Improper Scrubbing of Sensitive Data from Decommissioned Device
1267	Policy Uses Obsolete Encoding
1268	Agents Included in Control Policy are not Contained in Less-Privileged Policy
1269	Product Released in Non-Release Configuration
1270	Generation of Incorrect Security Identifiers
1271	Missing Known Value on Reset for Registers Holding Security Settings
1272	Debug/Power State Transitions Leak Information
1273	Device Unlock Credential Sharing
1274	Insufficient Protections on the Volatile Memory Containing Boot Code
1276	Hardware Block Incorrectly Connected to Larger System
1277	Firmware Not Updateable
1278	Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
1279	Cryptographic Primitives used without Successful Self-Test
1280	Access Control Check Implemented After Asset is Accessed
1281	Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)
1282	Assumed-Immutable Data Stored in Writable Memory
1283	Mutable Attestation or Measurement Reporting Data

Software Nodes Added to Version 4.1

CWE-ID	CWE Name
1265	Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
1275	Sensitive Cookie with Improper SameSite Attribute
1284	Improper Validation of Specified Quantity in Input
1285	Improper Validation of Specified Index, Position, or Offset in Input
1286	Improper Validation of Syntactic Correctness of Input
1287	Improper Validation of Specified Type of Input
1288	Improper Validation of Consistency within Input
1289	Improper Validation of Unsafe Equivalence in Input

Nodes Deprecated in Version 4.1

CWE-ID	CWE Name
None.

Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D	Description
N	Name
R	Relationships

D		R	20	Improper Input Validation
		R	41	Improper Resolution of Path Equivalence
		R	73	External Control of File Name or Path
		R	112	Missing XML Validation
		R	114	Process Control
		R	119	Improper Restriction of Operations within the Bounds of a Memory Buffer
		R	129	Improper Validation of Array Index
	N	R	137	Data Neutralization Issues
		R	147	Improper Neutralization of Input Terminators
		R	178	Improper Handling of Case Sensitivity
		R	179	Incorrect Behavior Order: Early Validation
		R	200	Exposure of Sensitive Information to an Unauthorized Actor
		R	208	Observable Timing Discrepancy
		R	212	Improper Removal of Sensitive Information Before Storage or Transfer
		R	284	Improper Access Control
		R	345	Insufficient Verification of Data Authenticity
		R	349	Acceptance of Extraneous Untrusted Data With Trusted Data
		R	352	Cross-Site Request Forgery (CSRF)
		R	371	State Issues
D			384	Session Fixation
D			400	Uncontrolled Resource Consumption
		R	404	Improper Resource Shutdown or Release
		R	416	Use After Free
		R	471	Modification of Assumed-Immutable Data (MAID)
D		R	606	Unchecked Input for Loop Condition
D			622	Improper Validation of Function Hook Arguments
		R	626	Null Byte Interaction Error (Poison Null Byte)
		R	641	Improper Restriction of Names for Files and Other Resources
		R	663	Use of a Non-reentrant Function in a Concurrent Context
		R	664	Improper Control of a Resource Through its Lifetime
		R	665	Improper Initialization
		R	668	Exposure of Resource to Wrong Sphere
		R	691	Insufficient Control Flow Management
D	N		692	Incomplete Denylist to Cross-Site Scripting
		R	693	Protection Mechanism Failure
D		R	696	Incorrect Behavior Order
		R	697	Incorrect Comparison
D			707	Improper Neutralization
		R	755	Improper Handling of Exceptional Conditions
D		R	770	Allocation of Resources Without Limits or Throttling
D			777	Regular Expression without Anchors
		R	781	Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
		R	789	Uncontrolled Memory Allocation
		R	791	Incomplete Filtering of Special Elements
		R	821	Incorrect Synchronization
		R	843	Access of Resource Using Incompatible Type ('Type Confusion')
D	N		942	Permissive Cross-domain Policy with Untrusted Domains
		R	1037	Processor Optimization Removal or Modification of Security-critical Code
		R	1173	Improper Use of Validation Framework
D	N	R	1191	Exposed Chip Debug and or Test Interface With Insufficient Access Control
		R	1195	Manufacturing and Life Cycle Management Concerns
		R	1196	Security Flow Issues
		R	1197	Integration Issues
		R	1198	Privilege Separation and Access Control Issues
		R	1199	General Circuit and Logic Design Concerns
		R	1201	Core and Compute Issues
		R	1202	Memory and Storage Issues
		R	1205	Security Primitives and Cryptography Issues
		R	1206	Power, Clock, and Reset Concerns
		R	1207	Debug and Test Problems
		R	1208	Cross-Cutting Problems
D	N	R	1215	Data Validation Issues
		R	1243	Exposure of Security-Sensitive Fuse Values During Debug
D	N	R	1253	Incorrect Selection of Fuse Values

Detailed Difference Report

20	Improper Input Validation
	Major	Applicable_Platforms, Demonstrative_Examples, Description, Maintenance_Notes, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Research_Gaps, Terminology_Notes
	Minor	None
22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
	Major	Demonstrative_Examples, Potential_Mitigations
	Minor	None
23	Relative Path Traversal
	Major	Observed_Examples, Potential_Mitigations
	Minor	None
24	Path Traversal: '../filedir'
	Major	Potential_Mitigations
	Minor	None
25	Path Traversal: '/../filedir'
	Major	Potential_Mitigations
	Minor	None
26	Path Traversal: '/dir/../filename'
	Major	Potential_Mitigations
	Minor	None
27	Path Traversal: 'dir/../../filename'
	Major	Potential_Mitigations
	Minor	None
28	Path Traversal: '..\filedir'
	Major	Observed_Examples, Potential_Mitigations
	Minor	None
29	Path Traversal: '\..\filename'
	Major	Potential_Mitigations
	Minor	None
30	Path Traversal: '\dir\..\filename'
	Major	Potential_Mitigations
	Minor	None
31	Path Traversal: 'dir\..\..\filename'
	Major	Potential_Mitigations
	Minor	None
32	Path Traversal: '...' (Triple Dot)
	Major	Potential_Mitigations
	Minor	None
33	Path Traversal: '....' (Multiple Dot)
	Major	Potential_Mitigations
	Minor	None
34	Path Traversal: '....//'
	Major	Potential_Mitigations
	Minor	None
35	Path Traversal: '.../...//'
	Major	Potential_Mitigations
	Minor	None
37	Path Traversal: '/absolute/pathname/here'
	Major	Potential_Mitigations
	Minor	None
38	Path Traversal: '\absolute\pathname\here'
	Major	Potential_Mitigations
	Minor	None
39	Path Traversal: 'C:dirname'
	Major	Potential_Mitigations
	Minor	None
40	Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
	Major	Potential_Mitigations
	Minor	None
41	Improper Resolution of Path Equivalence
	Major	Observed_Examples, Potential_Mitigations, Relationships
	Minor	None
51	Path Equivalence: '/multiple//internal/slash'
	Major	Potential_Mitigations
	Minor	None
52	Path Equivalence: '/multiple/trailing/slash//'
	Major	Potential_Mitigations
	Minor	None
53	Path Equivalence: '\multiple\\internal\backslash'
	Major	Potential_Mitigations
	Minor	None
54	Path Equivalence: 'filedir\' (Trailing Backslash)
	Major	Potential_Mitigations
	Minor	None
55	Path Equivalence: '/./' (Single Dot Directory)
	Major	Potential_Mitigations
	Minor	None
56	*Path Equivalence: 'filedir' (Wildcard)**
	Major	Potential_Mitigations
	Minor	None
57	Path Equivalence: 'fakedir/../realdir/filename'
	Major	Observed_Examples, Potential_Mitigations
	Minor	None
73	External Control of File Name or Path
	Major	Potential_Mitigations, Relationships
	Minor	None
74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
	Major	Potential_Mitigations
	Minor	None
75	Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
	Major	Potential_Mitigations
	Minor	None
76	Improper Neutralization of Equivalent Special Elements
	Major	Potential_Mitigations
	Minor	None
77	Improper Neutralization of Special Elements used in a Command ('Command Injection')
	Major	Potential_Mitigations
	Minor	None
78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
	Major	Observed_Examples, Potential_Mitigations
	Minor	None
79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
	Major	Observed_Examples, Potential_Mitigations
	Minor	None
80	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
	Major	Potential_Mitigations
	Minor	None
81	Improper Neutralization of Script in an Error Message Web Page
	Major	Potential_Mitigations
	Minor	None
83	Improper Neutralization of Script in Attributes in a Web Page
	Major	Potential_Mitigations
	Minor	None
84	Improper Neutralization of Encoded URI Schemes in a Web Page
	Major	Potential_Mitigations
	Minor	None
85	Doubled Character XSS Manipulations
	Major	Potential_Mitigations
	Minor	None
87	Improper Neutralization of Alternate XSS Syntax
	Major	Potential_Mitigations
	Minor	None
88	Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
	Major	Potential_Mitigations
	Minor	None
89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
	Major	Demonstrative_Examples, Potential_Mitigations, Relationship_Notes
	Minor	None
90	Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
	Major	Potential_Mitigations, Relationship_Notes
	Minor	None
91	XML Injection (aka Blind XPath Injection)
	Major	Potential_Mitigations
	Minor	None
94	Improper Control of Generation of Code ('Code Injection')
	Major	Potential_Mitigations
	Minor	None
95	Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
	Major	Potential_Mitigations
	Minor	None
96	Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
	Major	Potential_Mitigations
	Minor	None
98	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
	Major	Potential_Mitigations
	Minor	None
112	Missing XML Validation
	Major	Relationships
	Minor	None
113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
	Major	Potential_Mitigations
	Minor	None
114	Process Control
	Major	Relationships
	Minor	None
116	Improper Encoding or Escaping of Output
	Major	Applicable_Platforms, Demonstrative_Examples, Potential_Mitigations
	Minor	None
117	Improper Output Neutralization for Logs
	Major	Potential_Mitigations
	Minor	None
119	Improper Restriction of Operations within the Bounds of a Memory Buffer
	Major	Relationships
	Minor	None
120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
	Major	Common_Consequences, Potential_Mitigations
	Minor	None
121	Stack-based Buffer Overflow
	Major	Common_Consequences
	Minor	None
125	Out-of-bounds Read
	Major	Potential_Mitigations
	Minor	None
126	Buffer Over-read
	Major	Demonstrative_Examples
	Minor	None
129	Improper Validation of Array Index
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Type
	Minor	None
130	Improper Handling of Length Parameter Inconsistency
	Major	Common_Consequences, Demonstrative_Examples
	Minor	None
137	Data Neutralization Issues
	Major	Name, Relationships
	Minor	None
138	Improper Neutralization of Special Elements
	Major	Potential_Mitigations
	Minor	None
140	Improper Neutralization of Delimiters
	Major	Potential_Mitigations
	Minor	None
141	Improper Neutralization of Parameter/Argument Delimiters
	Major	Potential_Mitigations
	Minor	None
142	Improper Neutralization of Value Delimiters
	Major	Potential_Mitigations
	Minor	None
143	Improper Neutralization of Record Delimiters
	Major	Potential_Mitigations
	Minor	None
144	Improper Neutralization of Line Delimiters
	Major	Potential_Mitigations
	Minor	None
145	Improper Neutralization of Section Delimiters
	Major	Potential_Mitigations
	Minor	None
146	Improper Neutralization of Expression/Command Delimiters
	Major	Potential_Mitigations
	Minor	None
147	Improper Neutralization of Input Terminators
	Major	Potential_Mitigations, Relationships
	Minor	None
148	Improper Neutralization of Input Leaders
	Major	Potential_Mitigations
	Minor	None
149	Improper Neutralization of Quoting Syntax
	Major	Potential_Mitigations
	Minor	None
150	Improper Neutralization of Escape, Meta, or Control Sequences
	Major	Potential_Mitigations
	Minor	None
151	Improper Neutralization of Comment Delimiters
	Major	Potential_Mitigations
	Minor	None
152	Improper Neutralization of Macro Symbols
	Major	Potential_Mitigations
	Minor	None
153	Improper Neutralization of Substitution Characters
	Major	Potential_Mitigations
	Minor	None
154	Improper Neutralization of Variable Name Delimiters
	Major	Potential_Mitigations
	Minor	None
155	Improper Neutralization of Wildcards or Matching Symbols
	Major	Potential_Mitigations
	Minor	None
156	Improper Neutralization of Whitespace
	Major	Potential_Mitigations
	Minor	None
157	Failure to Sanitize Paired Delimiters
	Major	Potential_Mitigations
	Minor	None
158	Improper Neutralization of Null Byte or NUL Character
	Major	Observed_Examples, Potential_Mitigations
	Minor	None
159	Improper Handling of Invalid Use of Special Elements
	Major	Potential_Mitigations
	Minor	None
160	Improper Neutralization of Leading Special Elements
	Major	Potential_Mitigations
	Minor	None
161	Improper Neutralization of Multiple Leading Special Elements
	Major	Potential_Mitigations
	Minor	None
162	Improper Neutralization of Trailing Special Elements
	Major	Potential_Mitigations
	Minor	None
163	Improper Neutralization of Multiple Trailing Special Elements
	Major	Potential_Mitigations
	Minor	None
164	Improper Neutralization of Internal Special Elements
	Major	Potential_Mitigations
	Minor	None
165	Improper Neutralization of Multiple Internal Special Elements
	Major	Potential_Mitigations
	Minor	None
166	Improper Handling of Missing Special Element
	Major	Potential_Mitigations
	Minor	None
167	Improper Handling of Additional Special Element
	Major	Potential_Mitigations
	Minor	None
168	Improper Handling of Inconsistent Special Elements
	Major	Potential_Mitigations
	Minor	None
172	Encoding Error
	Major	Potential_Mitigations
	Minor	None
173	Improper Handling of Alternate Encoding
	Major	Potential_Mitigations
	Minor	None
174	Double Decoding of the Same Data
	Major	Potential_Mitigations
	Minor	None
175	Improper Handling of Mixed Encoding
	Major	Potential_Mitigations
	Minor	None
176	Improper Handling of Unicode Encoding
	Major	Potential_Mitigations
	Minor	None
177	Improper Handling of URL Encoding (Hex Encoding)
	Major	Potential_Mitigations
	Minor	None
178	Improper Handling of Case Sensitivity
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships
	Minor	None
179	Incorrect Behavior Order: Early Validation
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships
	Minor	None
180	Incorrect Behavior Order: Validate Before Canonicalize
	Major	Demonstrative_Examples, Potential_Mitigations
	Minor	None
182	Collapse of Data into Unsafe Value
	Major	Potential_Mitigations
	Minor	None
183	Permissive List of Allowed Inputs
	Major	Alternate_Terms, Observed_Examples
	Minor	None
184	Incomplete List of Disallowed Inputs
	Major	Alternate_Terms, Observed_Examples
	Minor	None
185	Incorrect Regular Expression
	Major	Relationship_Notes
	Minor	None
186	Overly Restrictive Regular Expression
	Major	Relationship_Notes
	Minor	None
190	Integer Overflow or Wraparound
	Major	Observed_Examples
	Minor	None
200	Exposure of Sensitive Information to an Unauthorized Actor
	Major	Relationships
	Minor	None
208	Observable Timing Discrepancy
	Major	Relationships
	Minor	None
212	Improper Removal of Sensitive Information Before Storage or Transfer
	Major	Relationships
	Minor	None
241	Improper Handling of Unexpected Data Type
	Major	Potential_Mitigations
	Minor	None
251	Often Misused: String Management
	Major	References
	Minor	None
252	Unchecked Return Value
	Major	Observed_Examples
	Minor	None
284	Improper Access Control
	Major	Relationships
	Minor	None
289	Authentication Bypass by Alternate Name
	Major	Potential_Mitigations
	Minor	None
345	Insufficient Verification of Data Authenticity
	Major	Relationships
	Minor	None
346	Origin Validation Error
	Major	Demonstrative_Examples, Terminology_Notes
	Minor	None
348	Use of Less Trusted Source
	Major	Demonstrative_Examples
	Minor	None
349	Acceptance of Extraneous Untrusted Data With Trusted Data
	Major	Observed_Examples, Relationships
	Minor	None
352	Cross-Site Request Forgery (CSRF)
	Major	Relationships, Theoretical_Notes
	Minor	None
371	State Issues
	Major	Relationships
	Minor	None
384	Session Fixation
	Major	Description
	Minor	None
400	Uncontrolled Resource Consumption
	Major	Description, Maintenance_Notes
	Minor	None
404	Improper Resource Shutdown or Release
	Major	Relationships
	Minor	None
415	Double Free
	Major	Common_Consequences
	Minor	None
416	Use After Free
	Major	Relationships
	Minor	None
427	Uncontrolled Search Path Element
	Major	Potential_Mitigations
	Minor	None
428	Unquoted Search Path or Element
	Major	Potential_Mitigations
	Minor	None
434	Unrestricted Upload of File with Dangerous Type
	Major	Potential_Mitigations, Relationship_Notes
	Minor	None
450	Multiple Interpretations of UI Input
	Major	Potential_Mitigations
	Minor	None
454	External Initialization of Trusted Variables or Data Stores
	Major	Potential_Mitigations
	Minor	None
456	Missing Initialization of a Variable
	Major	Demonstrative_Examples
	Minor	None
469	Use of Pointer Subtraction to Determine Size
	Major	Common_Consequences
	Minor	None
470	Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
	Major	Potential_Mitigations
	Minor	None
471	Modification of Assumed-Immutable Data (MAID)
	Major	Relationships
	Minor	None
472	External Control of Assumed-Immutable Web Parameter
	Major	Potential_Mitigations
	Minor	None
476	NULL Pointer Dereference
	Major	Common_Consequences
	Minor	None
502	Deserialization of Untrusted Data
	Major	Alternate_Terms, Potential_Mitigations
	Minor	None
551	Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
	Major	Potential_Mitigations
	Minor	None
562	Return of Stack Variable Address
	Major	Common_Consequences
	Minor	None
564	SQL Injection: Hibernate
	Major	Potential_Mitigations
	Minor	None
601	URL Redirection to Untrusted Site ('Open Redirect')
	Major	Potential_Mitigations
	Minor	None
606	Unchecked Input for Loop Condition
	Major	Demonstrative_Examples, Description, Relationships
	Minor	None
621	Variable Extraction Error
	Major	Potential_Mitigations
	Minor	None
622	Improper Validation of Function Hook Arguments
	Major	Description
	Minor	None
623	Unsafe ActiveX Control Marked Safe For Scripting
	Major	Observed_Examples
	Minor	None
626	Null Byte Interaction Error (Poison Null Byte)
	Major	Observed_Examples, Relationships
	Minor	None
627	Dynamic Variable Evaluation
	Major	Potential_Mitigations
	Minor	None
639	Authorization Bypass Through User-Controlled Key
	Major	Alternate_Terms
	Minor	None
641	Improper Restriction of Names for Files and Other Resources
	Major	Potential_Mitigations, Relationships
	Minor	None
642	External Control of Critical State Data
	Major	Demonstrative_Examples
	Minor	None
663	Use of a Non-reentrant Function in a Concurrent Context
	Major	Relationships
	Minor	None
664	Improper Control of a Resource Through its Lifetime
	Major	Relationships
	Minor	None
665	Improper Initialization
	Major	Relationships
	Minor	None
668	Exposure of Resource to Wrong Sphere
	Major	Relationships
	Minor	None
690	Unchecked Return Value to NULL Pointer Dereference
	Major	Common_Consequences
	Minor	None
691	Insufficient Control Flow Management
	Major	Relationships
	Minor	None
692	Incomplete Denylist to Cross-Site Scripting
	Major	Description, Name, Observed_Examples, References
	Minor	None
693	Protection Mechanism Failure
	Major	Relationships
	Minor	None
696	Incorrect Behavior Order
	Major	Description, Observed_Examples, Relationships
	Minor	None
697	Incorrect Comparison
	Major	Relationships
	Minor	None
698	Execution After Redirect (EAR)
	Major	Demonstrative_Examples
	Minor	None
707	Improper Neutralization
	Major	Description, Maintenance_Notes
	Minor	None
733	Compiler Optimization Removal or Modification of Security-critical Code
	Major	Observed_Examples
	Minor	None
754	Improper Check for Unusual or Exceptional Conditions
	Major	Potential_Mitigations
	Minor	None
755	Improper Handling of Exceptional Conditions
	Major	Relationships
	Minor	None
770	Allocation of Resources Without Limits or Throttling
	Major	Applicable_Platforms, Description, Maintenance_Notes, Potential_Mitigations, Relationship_Notes, Relationships
	Minor	None
777	Regular Expression without Anchors
	Major	Common_Consequences, Description, Potential_Mitigations
	Minor	None
781	Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
	Major	Relationships
	Minor	None
787	Out-of-bounds Write
	Major	Observed_Examples
	Minor	None
788	Access of Memory Location After End of Buffer
	Major	Demonstrative_Examples
	Minor	None
789	Uncontrolled Memory Allocation
	Major	Relationships
	Minor	None
791	Incomplete Filtering of Special Elements
	Major	Relationships
	Minor	None
805	Buffer Access with Incorrect Length Value
	Major	Common_Consequences
	Minor	None
806	Buffer Access Using Size of Source Buffer
	Major	Common_Consequences
	Minor	None
821	Incorrect Synchronization
	Major	Relationships
	Minor	None
829	Inclusion of Functionality from Untrusted Control Sphere
	Major	Potential_Mitigations
	Minor	None
840	Business Logic Errors
	Major	References
	Minor	None
843	Access of Resource Using Incompatible Type ('Type Confusion')
	Major	Common_Consequences, Relationships
	Minor	None
913	Improper Control of Dynamically-Managed Code Resources
	Major	Potential_Mitigations
	Minor	None
914	Improper Control of Dynamically-Identified Variables
	Major	Potential_Mitigations
	Minor	None
915	Improperly Controlled Modification of Dynamically-Determined Object Attributes
	Major	Alternate_Terms, Potential_Mitigations
	Minor	None
927	Use of Implicit Intent for Sensitive Communication
	Major	Demonstrative_Examples
	Minor	None
939	Improper Authorization in Handler for Custom URL Scheme
	Major	Potential_Mitigations
	Minor	None
940	Improper Verification of Source of a Communication Channel
	Major	Demonstrative_Examples, Potential_Mitigations
	Minor	None
942	Permissive Cross-domain Policy with Untrusted Domains
	Major	Description, Name
	Minor	None
1007	Insufficient Visual Distinction of Homoglyphs Presented to User
	Major	Observed_Examples
	Minor	None
1021	Improper Restriction of Rendered UI Layers or Frames
	Major	Potential_Mitigations
	Minor	None
1037	Processor Optimization Removal or Modification of Security-critical Code
	Major	Relationships
	Minor	None
1128	CISQ Quality Measures (2016)
	Major	References
	Minor	None
1129	CISQ Quality Measures - Reliability
	Major	References
	Minor	None
1130	CISQ Quality Measures - Maintainability
	Major	References
	Minor	None
1131	CISQ Quality Measures - Security
	Major	References
	Minor	None
1132	CISQ Quality Measures - Performance
	Major	References
	Minor	None
1173	Improper Use of Validation Framework
	Major	Relationships
	Minor	None
1191	Exposed Chip Debug and or Test Interface With Insufficient Access Control
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, References, Relationships
	Minor	None
1195	Manufacturing and Life Cycle Management Concerns
	Major	Relationships
	Minor	None
1196	Security Flow Issues
	Major	Relationships
	Minor	None
1197	Integration Issues
	Major	Relationships
	Minor	None
1198	Privilege Separation and Access Control Issues
	Major	Relationships
	Minor	None
1199	General Circuit and Logic Design Concerns
	Major	Relationships
	Minor	None
1201	Core and Compute Issues
	Major	Relationships
	Minor	None
1202	Memory and Storage Issues
	Major	Relationships
	Minor	None
1205	Security Primitives and Cryptography Issues
	Major	Relationships
	Minor	None
1206	Power, Clock, and Reset Concerns
	Major	Relationships
	Minor	None
1207	Debug and Test Problems
	Major	Relationships
	Minor	None
1208	Cross-Cutting Problems
	Major	Relationships
	Minor	None
1215	Data Validation Issues
	Major	Description, Name, Relationship_Notes, Relationships
	Minor	None
1221	Incorrect Register Defaults or Module Parameters
	Major	None
	Minor	Potential_Mitigations
1223	Race Condition for Write-Once Attributes
	Major	None
	Minor	Common_Consequences
1224	Improper Restriction of Write-Once Bit Fields
	Major	None
	Minor	Common_Consequences
1241	Use of Predictable Algorithm in Random Number Generator
	Major	Common_Consequences, Demonstrative_Examples, Modes_of_Introduction
	Minor	None
1243	Exposure of Security-Sensitive Fuse Values During Debug
	Major	Relationships
	Minor	None
1250	Improper Preservation of Consistency Between Independent Representations of Shared State
	Major	Applicable_Platforms
	Minor	None
1253	Incorrect Selection of Fuse Values
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Potential_Mitigations, References, Relationships
	Minor	None

Page Last Updated: June 25, 2020


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Common Weakness Enumeration